Cryptanalysis of Two Dynamic ID-based Authentication


1 Cryptanalysis of Two Dynamic ID-based Authentication Schemes for Multi-Server Architecture
Ding Wang, Chunguang Ma, Deli Gu, Zhenshan Cui. Presented by MSc. Ding Wang, November 11, Wuyishan

2 Outline
Introduction; Review of Li et al.’s scheme; Proposed attacks; Two observations; Conclusion
Figure i: security framework

3 Introduction
Remote authentication: a mechanism to authenticate remote users over insecure communication networks.
Basic techniques: (1) what a user knows, such as passwords, PINs; (2) what a user has, such as smart cards, tokens; (3) what a user is, such as fingerprints.
Figure labels: Network, Server, User, attacker

4 Two-factor Authentication ——Smart-card-based Password Authentication
Combine the first two techniques to obtain a secure and efficient scheme with desirable functionalities. ID, PW ID, PW Remote Server User with a low entropy password

5 A Practical Problem
The traditional two-factor authentication schemes are suitable for a single-server environment. However, what will happen if there are multiple service servers? The user has to remember multiple (ID, PW) pairs.
Figure labels: Server 1 (ID1, PW1), Server 2 (ID2, PW2), ….., Server j (IDj, PWj); User with a low entropy password

6 Two-factor authentication for the multi-server environment
Advantages register once remember one (ID, PW) pair access multiple service servers

7 Challenges
Powerful adversary: according to the common Dolev-Yao adversary model, (1) he can eavesdrop, replay, fabricate, intercept and block any messages over the channel; (2) what he cannot do is “crack” encrypted messages.
Due to side-channel attacks, smart cards should be assumed to be non-tamper resistant.
Collusion attacks are practical: malicious internal user + dishonest server.
Naive users: users tend to choose “weak passwords”. We are the first to pay attention to this practical threat. my phone number?

8 A Challenge (continued)
Have to reconcile the following issues Security resistance to various passive and active attacks Functionalities (user friendliness ) Performance

9 What constitutes a practical scheme ?
No serious security vulnerabilities With desirable functionalities Efficient

10 Trade-offs and Conflicts
Security Performance Usability freely password change Offline password guessing attack Timely wrong password detection

11 A history of “attack-and-improvement”

12 A misunderstanding-prone concept
“Dynamic ID-based”
Shao, M. and Chin, Y.: A Privacy-Preserving Dynamic ID-Based Remote User Authentication Scheme with Access Control for Multi-Server Environment. IEICE Transactions on Information and Systems, Vol.E95–D, No.1, (2012) (An extended version of a paper that has been presented in NSS 2010)
Li, X., Xiong, Y., Ma, J., Wang, W.: An enhanced and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications 35(2), 763–769 (2012)
It basically means the user’s identity is dynamically changed during the login process and has nothing to do with the hot “ID-based Cryptography”.

13 Notations and abbreviations

14 A demonstration of Li et al.’s scheme

15 Review of Li et al.’s scheme
the registration phase the login phase the verification phase the password update phase

16 Review of Li et al.’s scheme (1/4) —— Service server registration
Master secret x; Secret number y; Service Providing Server Sj Control Server ( CS) Choose SIDj

17 Review of Li et al.’s scheme (1/4) —— User registration
Master secret x; User Secret number y; Choose IDi, Pi; Control Server ( CS) Choose a random b; Compute Ai= h(b||Pi) ;

18 Review of Li et al.’s scheme (2/4) —— Login phase
Ui CS Sj

19 Review of Li et al.’s scheme (3/4) —— Verification phase
Ui CS Sj Only based on symmetric cryptographic primitives

20 Review of Li et al.’s scheme (4/4) —— Password Change phase
Support local password update; we only focus on the login and verification phases, and omit this phase.

21 Two vulnerabilities Offline password guessing attack
the most damaging threat to a password protocol
User anonymity breach
Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and secure dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications 35(2), 763–769 (2012)
Which means the essential goal can not be achieved

22 Security Flaws (1/2) ——Offline password guessing attack
obtains {Di, Ei, b, h(y), h(.)} in Ui’s smart card intercepted

23 Security Flaws (2/2) —— User anonymity breach attack
Sj colludes with Um Ui Ei is kept static in all of Ui’s login requests, and thus can be exploited to trace user activity.
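
An added example, not from the slides: a small audit that flags fields repeating across intercepted login requests, which is how a static Ei makes sessions traceable even though the dynamic ID changes. The message layout (CID, E, N) and the formulas for CID and E are hypothetical stand-ins, since the scheme's equations are not in this transcript; only Ai = h(b||Pi) is taken from the registration slide.

```python
import hashlib
import os
from collections import defaultdict

def h(*parts: bytes) -> bytes:
    """h(x1 || x2 || ...) with SHA-256 standing in for the scheme's hash."""
    return hashlib.sha256(b"".join(parts)).digest()

def make_card(user_id: bytes, password: bytes) -> dict:
    # A_i = h(b || P_i) is from the registration slide. E is a stand-in for
    # the card value E_i: the only property modelled is that it never changes.
    b = os.urandom(16)
    return {"A": h(b, password), "E": h(b"E-stand-in", user_id, os.urandom(16))}

def login_request(card: dict) -> dict:
    # Hypothetical message layout: a fresh nonce N, a dynamic ID derived from
    # it, and E copied from the card unchanged into every request.
    nonce = os.urandom(16)
    return {"CID": h(card["A"], nonce), "E": card["E"], "N": nonce}

def linkable_fields(requests: list) -> dict:
    """Map each field whose value repeats to the groups of request indexes it links."""
    report = {}
    for field in requests[0]:
        groups = defaultdict(list)
        for index, request in enumerate(requests):
            groups[request[field]].append(index)
        linked = sorted(g for g in groups.values() if len(g) > 1)
        if linked:
            report[field] = linked
    return report

def constructed_capture() -> list:
    # Constructed sample: two users' logins interleaved on the wire.
    u_i = make_card(b"user-i", b"pw-i")
    u_k = make_card(b"user-k", b"pw-k")
    return [login_request(card) for card in (u_i, u_k, u_i, u_k, u_i)]

if __name__ == "__main__":
    for field, groups in linkable_fields(constructed_capture()).items():
        print(f"{field} links requests {groups}")
```

Running the same audit over a protocol's real message fields during design review shows which ones need per-session randomisation before the scheme can claim un-traceability.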

24 Lessons learned from the cryptanalysis
Two further observations
Symmetric-key primitives alone (such as hash, symmetric encryption, MAC) are intrinsically inadequate to withstand offline password guessing attacks. (We managed to prove it in the following work: Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. (2012), Submitted on Sep 7; last week it was accepted and made available online, DOI: /dac )
In the multi-server environment, collusion attacks are major threats to user privacy. Our new work: On the anonymity of two-factor authentication schemes
By following our two observations, more than 50% of this type of schemes can be easily found problematic.

25 Break 50% of this type of schemes

26 Conclusion
Our focus is on two-factor authentication for multi-server architecture. Two practical attacks are demonstrated on Li et al.’s scheme. Two observations are put forward. Remarkably, public-key techniques are indispensable for resisting offline password guessing attacks. By following these two observations, more than 50% of existing schemes can be easily found problematic.

27 THANK YOU & QUESTION

28 Side-Channel Attack

29 Various attacks … Offline password guessing attack
Smart card loss attack Stolen verifier attack User impersonation attack Server masquerading attack Replay attack Parallel session attack Denial of service attack Password disclosure to server (Insider attack) Forward secrecy Key compromise impersonation attack Unknown key share attack

30 Functionalities key agreement mutual authentication
local password change user anonymity (initiator un-traceability) no verifier table support weak password non-tamper resistant smart cards repairability

31 Performance Computation complexity ( a big hill )
cryptographic operations are often computation-intensive, like modular exponentiation, modulo inversion, pairing … Storage cost ( not a big problem) Communication overhead (not a big problem)

